Welcome to Make World. Theme park rides in this area are know as Panic, Confusion,Dismay, and our all time favorite Segfault
Error Operating System not Found. Please note these rides are not for the faint of heart or the easily frustrated as Make
World rides will emphasis these handicaps. Please note all of these rides are designed solely for the amusement of the
engineers who designed the system and are thousands of miles away. And for people around you who love to laugh at you while
you suffer miserably on these knee jerk rides. And since Make World is free ( as in beer ) you will be getting your money's
worth.

Okay lets boil this down, you can make a trip through Make World with this command:

Now if you just went ahead and did that without reading any further. I wish you the best of luck on your journey into hell.

Make World:

is what FreeBSD user call it when you do an upgrade by using the make world group of commands.

The Obligatory Warnings:

BACKUP

BACKUP

BACKUP

If you don't to bad for you. You won't even get cheese with that whine.

I try to keep my articles as simple as possible and not overload you with useless information that you probably don't need.
This article will go completely overboard in that area. Don't like it, to damn bad. What happens when you do this to your
computer is pretty extensive. If messes with just about every critical file it can get it's hands on. And one wrong move
will screw it up to the point where it won't even boot. Scared ? Good. That means you will have loads of fun.

And yes you probably don't need half the information I am throwing at you so I will try to keep critical stuff on the
forefront and trivia in the back. Some people actually want to be a bit smarter others just want to upgrade.

This article deals with an upgrade on a FreeBSD system that originally had 4.7 Stable and upgraded to 4.8 Stable. Current
users don't need this article. Because they like to live on the edge and help beta test new and risky stuff. I am not so
brave.

Everything is done here is done as root.

Final Warning: The handbook really won't help you.

*Addendum.* 6/4/05 The handbook has vastly improved on how to do a make world.
It does not include all the details I have here , but it is much much better.

With the exception of the FAQ and Credits all of the above are the commands you will need to issue in order if you want to
do this one step at a time. Please read the whole article. If you have never done this before some of the files need to be
customized.

Please make a note as to what version you are running so when you are done you can see if you actually upgraded.
Definitions here.At the
prompt type:

uname -a

When it is done it will return to a command prompt

cvsup stable-supfile:

The first step to upgrade is to make sure we have the files we need to upgrade. In order to do this I use cvsup. It is available in the ports tree. You can also use the package version if you wish. One way or another you need toinstall it.

Once you have installed it. You will need to have a file known as stable-supfile. I recommend you copy one from the
/usr/share/examples/cvsup/stable-supfile file or the /usr/src/share/examples/cvsup/stable-supfile file. To a simple
location I keep mine in my / directory. You can make a copy with the cp command. type this:

cp /usr/share/examples/cvsup/stable-supfile /stable-supfile

You will need to edit the stable-supfile a little to suit you needs. You can look at an edited stable-supfile here.
I recommend Easy Editor (ee) when editing files.

ee /stable-supfile

You will need to change the following line:

*default host=CHANGE_THIS.FreeBSD.org

to read like this :

*default host=cvsup3.FreeBSD.org

You should have a line that looks like this:*Addendum* added 6/04/05

*default release=cvs tag=RELENG_4

That will give you the latest STABLE version of 4.x.

That tells cvsup where to go to get the latest stable release files. The rest of the file is already setup to bring
in all the files needed to make a successful trip through Make World. Go to you / directory. If that is where you saved your
stable-supfile and type the following:

cvsup stable-supfile

It will now begin importing all of the file changes it needs for the upgrade. Once it has finished It will return to a prompt

make.conf

Your make.conf is a file that is read during the trip through Make World.
When you issue your make buildworld, make installworld and other make commands on your trip through Make World.The file is
actually located in the /usr/src/etc/defaults/ directory.It needs to be copied over to the /etc/ directory. You can do that
with this command:

This is a change directory (cd) command. You are changing to the /usr/src/
directory. This is where you need to be in order to complete a successful trip through Make World.

Mergemaster -p

This is a prep phase for mergemaster. This a program that goes through your /dev/MAKEDEV file and your /etc/ directory.
Checking for differences between files on your computer and the upgrade files. The program starts by trying to set up a
temp directory. Please take notes on the files that are dealt with. You don't have to write down everything but some notes
on the name of the files would be helpful.Mergemaster -p saves sendmail users and openssh info. Not having that info can cause
errors during make installworld. For the big definition on Mergemaster go here.At the command prompt type:

mergemaster -p

*** The directory specified for the temporary root environment,
/var/tmp/temproot, exists. This can be a security risk if untrusted users have access to the system.
Use 'd' to delete the old /var/tmp/temproot and continue
Use 't' to select a new temporary root directory
Use 'e' to exit mergemaster
Default is to use /var/tmp/temproot as is
How should I deal with this? [Use the existing /var/tmp/temproot]

Press Enter ( which means use /var/tmp/temproot ) and you should be good to go. This will keep the temporary root environment
in /var/tmp/temproot. It will now start to compare a large number of files. And show you the differences between them.

Now it is going to start going through your /etc/ directory and /dev/MAKEDEV file .This is the beginning of the hellish part
of Make World. Some notes on what you will see here. Mergemaster brings up the current file on the hard drive and the new
version.If they are the same it smiles and moves on. If they are different it will point out the differences. It brings up
what is different between the files and shows you just the things that are different in the file. It may not need to bring up
everything in the file. The symbols used in Mergemaster:

--- 3 minus symbols in a row usually pertaining to the date of the file installation. I have only seen them at the top of a
file that is to be changed. It means the line next to them really has to be removed.

+++ 3 plus symbols in a row usually pertaining to the date of the file installation. I have only seen them at the top of a
file that is to be changed. It means the line next to them really has to be added (replace the existing line).

@@ means the line numbers that will be affected by the change. @@ -1,5 +1,24 @@ means line 1 and the next 4 lines will
become line 1 and the next 24 lines. Look at the next symbols to understand.

+ means the line that will be added.

- means the line that will be replaced/ removed

.

The mergemaster then brings up this dialogue.

Use 'd' to delete the temporary .name of file
Use 'i' to install the temporary .name of file
Use 'm' to merge the temporary and installed versions or parts of them.
Use 'v' to view the diff results again
Default is to leave the temporary file to deal with by hand
How should I deal with this? [Leave it for later]

&nbsp &nbsp'd' will remove any new lines for the file leaving it the way it was. No changes.

&nbsp &nbsp'i' will install all of the new lines and remove all of the old lines.

&nbsp &nbsp'm' will place both old and /or new lines in the file.

&nbsp &nbsp'v' lets you look at it again.

Use 'i' if you want to upgrade. Use 'd' if you don't. Use 'm' if you want to screw with things. And do it without the quotes.

Okay important notes here. If you have custom files in the /etc/ directory And you just click through this without checking.
I can assure you they will be gone when your trip to Make World is done. and you will not have had a good time on
the rides.You did remember to backup didn't you?

So how do I know what to upgrade and what to not upgrade? And what to merge?

My rules of thumb on this is:

The 'd' is for files that I have customized. Files I don't want changes in. Files like ppp.conf.

The 'i' is for files that I haven't customized that won't affect things I want my FreeBSD box to do. Most of my files in
mergemaster will get this option. Some examples for me are rc.diskless, pam.conf, and rc.syscons. I didn't need to customize
these files and their changes won't affect my box.

The 'm' is pretty cool, scary but cool. I have a file I want some changes in but not all. My example is motd. I wanted motd to show the new version of FreeBSD, but not the huge
greeting that follows it. It offers you choices:

FreeBSD 4.7-STABLE (THEBARON) #0: S | FreeBSD ?.?.? (UNKNOWN)
l: use the left version
r: use the right version
e l: edit then use the left version
e r: edit then use the right version
e b: edit then use the left and right versions concatenated
e: edit a new version
s: silently include common lines
v: verbosely include common lines
q: quit
%r

See that %r what happened was I got a prompt % and I wanted the right side so I typed r.

and

Welcome to The Baron! | Before seeking technical support, p
>
> o Security advisories and updated
> at http://www.FreeBSD.org/releas
> for your release first as it's u
>
> o The Handbook and FAQ documents a
> along with the mailing lists, ca
> http://www.FreeBSD.org/search/.
> been installed, they're also ava
>
> If you still have a question or pro
> `uname -a', along with any relevant
> as a question to the questions@Free
> unfamiliar with FreeBSD's directory
> man page. If you are not familiar
>
> You may also use /stand/sysinstall
> configuration utility. Edit /etc/m
>
l: use the left version
r: use the right version
e l: edit then use the left version
e r: edit then use the right version
e b: edit then use the left and right versions concatenated
e: edit a new version
s: silently include common lines
v: verbosely include common lines
q: quit
%l
Use 'i' to install merged file
Use 'r' to re-do the merge
Use 'v' to view the merged file
Default is to leave the temporary file to deal with by hand
*** How should I deal with the merged file? [Leave it for later]
%i

See that %l that was for left side and %i was to install the merged file

In this case I told it in the upper boxes to use the right version (%r) to show what issue of FreeBSD (?.?.? goes to the new
version) I am using and in the lower setting I used the left version (%l). Then I told it to install the merged version (%i).

Some other things you will also see:

*** There is no installed version of ./etc/login.conf.db
Use 'd' to delete the temporary ./etc/login.conf.db
Use 'i' to install the temporary ./etc/login.conf.db
Default is to leave the temporary file to deal with by hand
How should I deal with this? [Leave it for later]

This means that a new file would like to be added and that there is no current copy of this file. I have always told it to
install ('i' without the quotes people).

When it is done You will see this:

*** Comparison complete
Do you wish to delete what is left of /var/tmp/temproot? [no]

Press Enter (which means no) and you have set up the temporary files. You want to keep those files there for when you go back
into mergemaster at the end.

You get to go through this twice once at the beginning and once at the end and I have seen it choose different files from the
first time to when it has gone through it's make world session. And that folks is the basics of Mergemaster.When it is done
it will go back to a prompt.

make buildworld

Okay it is time for the rides to a more dangerous turn. Make buildworld is the command that tell your computer to grab those
files in /usr/src/ and start putting them together. This will cause a lot of stuff to flash across the screen as it compiles,
uncompresses and sorts through the whole nine yards. These are the files that are connected to the /dev/ and /etc/ and other
directories. These are not the kernel files. This like when a cabinet is built all the parts are formed at a shop away from
your house.At the prompt type:

make buildworld

When it is finished it will return to a prompt.

make buildkernel KERNCONF=KERNNAME

Now we are entering the big drop on the roller coaster ride of make world. Make buildkernel KERNCONF=KERNNAME is the command
that tells the computer to grab the kernel files in /usr/src/ and start
putting them together. Now if you typed it in just like it is shown you will get an error message. KERNNAME is suppose to be
the name of your kernel. If you haven't given your kernel a name you use GENERIC. So the default is to use GENERIC unlesss you gave your kernel a
name. If you did give your kernel a name such as BOB you would need to replace KERNNAME with BOB. And yes the fact that they
are in capitol letters is important. Make sure yours are also. This would be where the shelves that will go in the cabinet are
built. Nothing is set in place yet.At the prompt type:

make buildkernel KERNCONF=KERNNAME

When it is finished it will return to a prompt.

make installkernel KERNCONF=KERNNAME

Make installkernel KERNCONF=KERNNAME is where the kernel is set into place. This is the core of the FreeBSD operating system.
It is what is read on boot and helps the functions work on the computer. The KERNNAME deal pops up here again remember if you
don't have a custom named kernel you replace KERNNAME with GENERIC. Remember to if you do have a specific KERNNAME it must
be the same as in make buildkernel KERNCONF=KERNNAME. This is the boss file on your computer every other file works for it
. This would be like the shelves going in the cabinet. They are just shelves you say. Shelves are easy to put in. Yes they
are. And they keep everything in the cabinet organized. You will find out if you have no shelves that it is not nearly as
easy to stock the cabinets.At the prompt type:

make installkernel KERNCONF=KERNNAME

When it is finished it will return to a prompt.

make installworld

Okay in make buildworld you built everything. Now you are going to install it. With this command everything starts to fit
itself into place. Lots of gobbledygook flashes across the screen. The cabinet guys come to your house and start installing
the cabinets and the shelves.At the prompt type:

make installworld

When it is finished it will return to a prompt.

mergemaster

Okay we are back here again. Please note that there is no -p switch. The deletes, installs, and merges here are permanent.
This is where what you reviewed earlier in your first mergemaster really happens. It may go through a second time every file
it went through with you before and it may even have a few new ones. The idea is still the same if you didn't customize it.
Just install it. If you did you will have either delete or merge it as described above. Please have your notes from the
previous session ready you did make notes didn't you? Please don't be like the waitress who thinks she can memorize my order
and then come back and say "Could you repeat your order again." Write it down. When it is done you get this again:

*** Comparison complete
Do you wish to delete what is left of /var/tmp/temproot? [no]

This time you tell it yes. Because you are done and don't need the temp files anymore the permanent ones are installed. This
is the beginning of cleaning up the mess. Just like with the cabinets there is going to be some cleaning that should be done.
More on that in a bit.

shutdown -r +3

This is the shutdown reboot command. I tell it that I want the computer
to shutdown in three minutes and then reboot. This prevents a hard shutdown and gives everything a chance to close. You don't
have to make it that long and most everything will happen in the last 10 seconds but I have seen "shutdown -r now" after a
trip through make world screw a few things up. You must reboot for the changes in make world to take place.At the prompt type:

shutdown -r +3

When it has finished you will need to log back on as root..

uname -a

Okay you did the reboot you did log in. And you didn't see any screwed up error messages. Marvelous. Now at the prompt type:

Please note that it should be a different version than the one you started with. That was the whole point. Uname displays the
system information the -a switch means give me all of the information.Now that you have done a great job, you have to clean
up. What you don't think you do, look at this:

df-h

At the command prompt you will type df -h and you will see how much space is
used up on your hard disk. So at the command prompt type.

That /usr directory is a bit full. There are three things stuff to the hilt in there right now. They are /usr/ports, /usr/src,
and /usr/obj.

cd /usr/src; make clean

The make clean command is the nice way to clean up the source
(src) files used in your trip through Make World. This does a nice neat
clean up. It takes time but when it is done you are worry free. At the prompt type:

cd /usr/src; make clean

When it is finished it will return to a prompt.

cd /usr/ports; make clean

The make clean command is the nice way to clean up the ports files used in your trip through Make World. This does a nice neat
clean up. It takes time but when it is done you are worry free. At the prompt type:

cd /usr/ports; make clean

When it is finished it will return to a prompt.

Another command you can run is this one, at the prompt type:

find /usr/ports -type d -name 'work' | xargs rm -vrf

That will do the same thing just a little quicker. It takes anything in a 'work' directory in /usr/ports/ and cleans it out.

Look at the difference here. And that is with a nice clean up. Not to shabby.

We hope you enjoyed your trip through Make World please come visit again when the next release is issued.

The FAQ you never really asked.

1. What is the && mean?

The && means when you are finished with one thing go and automatically do the next. Provided you don't have any errors. Which
causes the continue functioning to stop.

2. The tables that look like screenshots don't render in my Lynx browser. Are you going to fix that?

No. Blame Lynx not me.

3. How come you included KERNCONF=KERNNAME
when you don't need it for a GENERIC kernel?

While it is true you don't need KERNCONF=KERNNAME for a GENERIC kernel. If you have a custom one and forget to put in
KERNCONF=KERNNAME you will be screwed. Using KERNCONF=KERNNAME is a good habit to get into. Unlike smoking.

4. Something went wrong and I got an error. Can you help me fix it?

Probably not. I am still new to this stuff and I don't get to work or play on FreeBSD boxes all day everyday. You can post it
in Chucktips and/ or comp.unix.bsd.freebsd.misc and see if you get the answer you need.
You can also post your question in the reply section to this article here. I can't guarentee you will get a quick response let
alone a right one. but I will at least try.

6. I want to upgrade from 4.4 to 4.8 (or some other multi release jump), will what you wrote work?

Yes provided you follow the instructions and backup. Mergemaster is your friend.

7. How come everything says I can delete /usr/obj and you don't?

I don't like deleting it. I use the cd /usr/src; make clean and it does a nice neat job and takes care of /usr/obj without
creating dependency issues.

8. Why don't you drop into single user mode and use the tweaks?

Because you don't have to. Will doing it make your trip through Make World faster, yes. But that means more explaining.
And this is for newbies. Once you have done it a few times, then go into single user mode and use the tweaks.

The Credits

Jason Neuman, who probably
wonders if I am taking all my meds but still lets me post my articles.

Welcome to Make World. Theme park rides in this area are know as Panic, Confusion,Dismay, and our all time favorite Segfault Error Operating System not Found. Please note these rides are not for the faint of heart or the easily frustrated as Make World rides will emphasis these handicaps. Please note all of these rides are designed solely for the amusement of the engineers who designed the system and are thousands of miles away. And for people around you who love to laugh at you while you suffer miserably on these knee jerk rides. And since Make World is free ( as in beer ) you will be getting your money's worth.

Wednesday, May 27, 2009

Few projects win by maintaining the status quo. Projects that win are those that go ahead and always improve. It is OK to be afraid about the work that is ahead. If you're not scared, you're not doing the right thing. Both winners and losers have fear, but all winners have faith. We can do this -- we've done it before.

Tuesday, May 26, 2009

I see a lot of people on forums and on my training courses asking about the best way (or any way) to manage dates stored in a MySQL database and used in PHP. Three options follow, but first the problem.

PHP uses unix timestamps for all its date functionality. It has methods to convert these timestamps into pretty much any text format you could want but internally it uses the timestamp format. A timestamp is simply an unsigned integer. Specifically, it’s the number of seconds that have elapsed since midnight on January 1st 1970 (greenwich mean time).

MySQL has three date types for use in columns. These are DATETIME, DATE, and TIMESTAMP. DATETIME columns store date and time as a string in the form YYYY-MM-DD HH:MM:SS (e.g. 2006-12-25 13:43:15). DATE columns use just the date part of this format - YYYY-MM-DD (e.g. 2006-12-25). TIMESTAMP columns, despite their name, are nothing like the unix timestamps used in PHP. A TIMESTAMP column is simply a DATETIME column that automatically updates to the current time every time the contents of that record are altered. (That’s a simplification but broadly true and the details are not important here). In particular, since version 4.1 of MySQL the TIMESTAMP format is exactly the same as the DATETIME format.

So the problem is how to work with these two very different date formats - the PHP timestamp integer and the MySQL DATETIME string. There’s three common solutions…

1. One common solution is to store the dates in DATETIME fields and use PHPs date() and strtotime() functions to convert between PHP timestamps and MySQL DATETIMEs. The methods would be used as follows -

2. Our second option is to let MySQL do the work. MySQL has functions we can use to convert the data at the point where we access the database.

UNIX_TIMESTAMP will convert from DATETIME to PHP timestamp and FROM_UNIXTIME will convert from PHP timestamp to DATETIME. The methods are used within the SQL query. So we insert and update dates using queries like this -

3. Our last option is simply to use the PHP timestamp format everywhere. Since a PHP timestamp is an unsigned integer, use an unsigned integer field in MySQL to store the timestamp in. This way there’s no conversion and we can just move PHP timestamps into and out of the database without any issues at all.

Be aware, however, that by using a unsigned integer field to store your dates you loose a lot of functionality within MySQL because MySQL doesn’t know that your dates are dates. You can still sort records on your date fields since php timestamps increase regularly over time, but if you want to use any of MySQL’s date and time functions on the data then you’ll need to use FROM_UNIXTIME to get a MySQL DATETIME for the function to work on.

However, if you’re just using the database to store the date information and any manipulation of it will take place in PHP then there’s no problems.

So finally we come to the choice of which to use. For me, if you don’t need to manipulate the dates within MySQL then there’s no contest and the last option is the best. It’s simple to use and is the most efficient in terms of storage space in the data table and speed of execution when reading and writing the data.

However, some queries will be more complicated because your date is not in a date field (e.g. select all users who’s birthday is today) and you may lose out in the long run. If this is the case it may be better to use either option 1 or 2. Which of these you use depends on whether you’d rather place the work on MySQL or PHP. I tend to use option 2 but there’s no right or wrong answer - take your pick.

So to summarise, for those who’ve skipped straight to the last paragraph, most of the time I use option 3 but occasionally I use option 2 because I need MySQL to know the field contains a date.

Monday, May 25, 2009

> Hi!>> We are storing UTF-8 data in out mysql database and we need to get the> length of the data. But length() doesn't return the number of characters> but the pure number of bytes.>> SELECT LENGTH('köter') => 6>> Currently we are doing something like that:>> SELECT LENGTH(CONVERT('köter' USING 'ucs2'))/2;>> This works fine but a "real" solution like CHAR_LENGTH() or something like> that would be really apprectiated.

From http://dev.mysql.com/doc/mysql/en/string-functions.html:

CHAR_LENGTH(str)

Returns the length of the string str, measured in characters. A multi-byte character counts as a single character. This means that for a string containing five two-byte characters, LENGTH() returns 10, whereas CHAR_LENGTH() returns 5.

Look at OCTET_LENGTH() and CHAR_LENGTH(). (While OCTET_LENGTH() is asynonym, it is the SQL standard way of getting the length of a stringin bytes.)

$text = "How To Become A Hacker Why This Document? As editor of the Jargon File, I often get email requests from enthusiastic network newbies asking (in effect) \"how can I learn to be a wizard hacker?\". Oddly enough there don't seem to be any FAQs or Web documents that address this vital question, so here's mine. 身為 Jargon File 的編輯, 常有一些網路新手發 mail 問我 \"如何成為一個厲害的 hacker?\". 但, 很奇怪的, 似乎沒有任何的 FAQs 或 Web documents 說明這麼重要 的問題, 所以我寫了一份我自己的看法. If you are reading a snapshot of this document offline, the current version lives at href=\"http://www.ccil.org/~esr/faqs/hacker-howto.html. 如果你是以 offline 的方式在看這一份文件的某一個版本, 那麼你可以在 \"http://www.ccil.org/~esr/faqs/hacker-howto.html\" 找到這份文件的目前最新版本. What Is A Hacker? 怎麼樣才算是一位 Hacker ?? The Jargon File contains a bunch of definitions of the term 'hacker', most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant. 在 Jargon File 裏有一堆關於 'hacker' 這個名詞的定義, 大部份必須是技術上的 行家或熱衷於解決問題, 克服限制的人. 然而, 如果你想知道如何成為一位 hacker, 有兩件事是很有關連的.";

// Set the content-type// if you want to output to browser, uncomment following line, and remove the file name from next line.header('Content-type: image/png');

// Using imagepng() results in clearer text compared with imagejpeg()imagepng($im);imagedestroy($im);

/** * Mickey9801 at ComicParty dot com: * Most of functions shared here seems only work with western language and * is not suitable for multibyte characters (like Chinese). I have written * a function using mb_string functions to match the need of multibyte character * word wrapping. * I also added some machanism so that English word won't be cut off at the * end of line. Of couse you must use unicode string on GD.

Sunday, May 24, 2009

Diskpart differs from many command-line utilities because it does not operate in a single-line mode. Instead, after you start the utility, the commands are read from standard input/output (I/O). You can direct these commands to any disk, partition, or volume. Back to the topComparison with Disk Management Diskpart enables a superset of the actions that are supported by the Disk Management snap-in. The Disk Management snap-in prohibits you from inadvertently performing actions that may result in data loss. It is recommended that you use the Diskpart utility cautiously because Diskpart enables explicit control of partitions and volumes.

You can use Diskpart to convert a basic disk to a dynamic disk. The basic disk can either be empty or contain either primary partitions or logical drives. The basic disk can be a data disk or system or boot drive. The basic disk cannot have fault-tolerant disk driver (FtDisk) sets such as stripes or mirrors. To convert basic disks that have FtDisk driver sets, use Disk Management on Windows 2000 or convert the disk before you upgrade to Windows XP.

You can use Diskpart to convert a dynamic disk to a basic disk. You must delete any dynamic volumes before the conversion process. It is not recommended that you delete partitions on a dynamic disk except in emergency situations. It is recommended that you delete all volumes on the drive, and then convert the disk to basic. You must delete all dynamic data partitions. Also, never mix the basic primary and dynamic partitions on the same drive. If you do so, the computer may be unable to restart.

You can use Diskpart to create a partition at an explicit disk offset. The Disk Management snap-in places the partition at the end of any occupied area or on the first sufficiently large area. On master boot record (MBR) disks, the partition offset and the size are rounded to preserve the required cylinder alignment. Offsets are rounded to the closest valid value, and the size is always rounded up to the next valid value. Diskpart does not assign a drive letter to a newly created partition. Use the assign command to assign either a mount point or a drive letter.

Diskpart follows the same policy as the snap-in. Dynamic disks can only be created on fixed disks. You cannot convert removable disks, such as 1394 or universal serial bus (USB) drives, to dynamic disks.

Diskpart permits certain partition deletion operations that are blocked by the snap-in. For example, you can use Diskpart to delete MBR OEM partitions. However, these partitions often contain files that are important to the platform operation. Diskpart blocks the deletion of the current system, boot, or paging volumes and partitions. Also, Diskpart blocks deletion of the partitions that underlie dynamic disks.

You cannot use Diskpart to create a partition on removable media. Windows supports at most one MBR partition on removable media. If the media is manufactured with an MBR, that MBR cannot be altered, but the MBR is followed even if multiple partitions or logical drives are configured. If the media is manufactured without an MBR, the media is treated as a "superfloppy" and no partition structure is written to the media.

The drive letter for a removable drive is associated with the drive, and not with the media. You can use Diskpart to change the drive letter.

The Diskpart utility (like the snap-in) includes support for the new Itanium disk partition scheme called GPT. You cannot use GPT disks on any x86-based Windows XP-based or Windows 2000-based computers. Diskpart enables the conversion of GPT partitioning to MBR partitioning only for empty disks.

You can use Diskpart to delete missing dynamic disks. Dynamic disks contain a shared database; all of the dynamic disks on a computer have knowledge of all other dynamic disks on that computer. When dynamic disks are moved, the original computer considers theses disks as "missing".

Drive letters are not automatically assigned when you use Diskpart. To ensure that a given partition or volume has a drive letter, you must explicitly assign a drive letter. You can either assign the drive letter or allow the next available drive letter to be allocated.

Tuesday, May 19, 2009

How can i test if a field has a numeric data type, at SQLServer i use IsNumeric() clause, what can i use in MySQL?============================Re: IsNumeric() clause in MySQL??Posted by: Homam Alsayed ()Date: February 02, 2005 01:37PM

The condition:

WHERE IsNumeric(SomeColumn) = 1

is bascially equivalent to:

WHERE CONVERT(SomeColumn, SIGNED INTEGER) IS NOT NULL

The only snag is you can only check for integers.=============================

* removing the space between the function name and the parentheses* adding the size to the datatype: TINYINT(1)* indicating that the function is deterministic: DETERMINISTIC* replacing the range '{0,1}' with a '?'

Important note: you need space in temp to be able to restoreif you run out of space in tmp, mount some filesystem somewhere andcreate symbolic links from /tmp and /var/tmp to that mount point

now to restore from backup you need to cd to dir where you mounted partition that you want to restoreCode:

$ cd /mnt/target

to restore from uncompressed backupCode:

$ restore -rf /mnt/usb/ad0s1d.dump

to restore from compressed backupCode:

$ bzcat /mnt/usb/ad0s1d.dump.bz2 | restore -rf -

And that is itnow you can delete file dumpdates (or something like that, check for weird file in target directory, in our case /mnt/target)

now unmount filesystems and reboot

Some notesyou can do incremental backups - backup everything and then backup only files that have changed since (on current backup level) see manual for more info

you can use dump/restore to clone your system to other PC'syou will probably need to copy Master Boot Record (MBR) as well

to backup MBR:Code:

$ dd if=/dev/ad0 of=/path/to/mbr.img bs=512 count=1

to restore MBR:Code:

$ dd if=/path/to/mbr.img of=/dev/ad0 bs=512 count=1

Tips* I prefer to compress backup, you can guess why

* if you backup /usr you may delete content of ports directorythis will speed up backup process, and reduce size of backup...It's good thing because by the time you will restore /usr from backups/usr/ports will be outdated, and you will need to update them anyway.And portsnap works very well (fast) in fetching ports

* I prefer to do full backups, that way you can be 100% sure, there won'tbe any confusing situations

* if you want to do backups while using filesystem, make sure you haven'tdeleted .snap directory, on partition that you want to backup

* if you have backed up encrypted drive, you need to somehow encrypt backupsbecause if someone gets these files, he can restore them to his pc, and read your files at will. (I used this method in FreeBSD + Geli guide, to encrypt drive, but process can be reversed)

Resourcesdump(8)restore(8)

Update 1Moving systemYou can move system from disk to disk on fly withCode:

Join Date: Nov 2008Posts: 60Thanks: 13Thanked 3 Times in 3 PostsDefaultSuper helpful!Reply With QuotedaveView Public ProfileSend a private message to daveFind all posts by dave #3 Old November 17th, 2008, 03:46abarmot's Avatar abarmot abarmot is offlineJunior Member

Join Date: Nov 2008Posts: 19Thanks: 1Thanked 0 Times in 0 PostsDefaultyeah, thanks a lot for how-to!!Reply With QuoteabarmotView Public ProfileSend a private message to abarmotFind all posts by abarmot #4 Old November 17th, 2008, 08:47thortos's Avatar thortos thortos is offlineJunior Member

Join Date: Nov 2008Location: GermanyPosts: 12Thanks: 8Thanked 3 Times in 2 PostsExclamationThis strategy will probably fail for every server being used more than marginally. Especially dumping databases that are in use (such as Postgres or mySQL data directories) will yield inconsistent results and most likely result in non-working databases after recovery.

While I am aware that important databases are to be replicated live onto backup servers, I want to illustrate that this dump-while-in-use strategy is best used for desktops or low-profile servers, not for heavily-used systems.

How do you people handle the backups of your servers? I'm running a set of customized backup scripts per server that tar important directories and scp them to the backup server, starting and stopping daemons as needed, but obviously that's not for anyone with uptime requirements. I also have many servers running in VMware and use that to snapshot the VMs regularly and scp them to the backup server.Reply With QuotethortosView Public ProfileSend a private message to thortosFind all posts by thortos #5 Old November 17th, 2008, 11:07killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Join Date: Nov 2008Location: Riga, LatviaPosts: 751Thanks: 87Thanked 88 Times in 56 PostsDefaultQuote:Originally Posted by thortos View PostThis strategy will probably fail for every server being used more than marginally. Especially dumping databases that are in use (such as Postgres or mySQL data directories) will yield inconsistent results and most likely result in non-working databases after recovery.

While I am aware that important databases are to be replicated live onto backup servers, I want to illustrate that this dump-while-in-use strategy is best used for desktops or low-profile servers, not for heavily-used systems.

How do you people handle the backups of your servers? I'm running a set of customized backup scripts per server that tar important directories and scp them to the backup server, starting and stopping daemons as needed, but obviously that's not for anyone with uptime requirements. I also have many servers running in VMware and use that to snapshot the VMs regularly and scp them to the backup server.Thanks for your replyI use FreeBSD as desktop, so this is more desktop-oriented guideYou made some very good points....Reply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #6 Old November 18th, 2008, 07:12zszalbot zszalbot is offlineJunior Member

Join Date: Nov 2008Location: PolandPosts: 1Thanks: 0Thanked 1 Time in 1 PostDefaultQuote:Originally Posted by thortos View PostHow do you people handle the backups of your servers? I'm running a set of customized backup scripts per server that tar important directories and scp them to the backup server, starting and stopping daemons as needed, but obviously that's not for anyone with uptime requirements. I also have many servers running in VMware and use that to snapshot the VMs regularly and scp them to the backup server.I use a script called automysqlbackup. It works quite well and it suits my needs.

http://sourceforge.net/projects/automysqlbackup/

Yours,

Zbigniew SzalbotReply With QuoteThe Following User Says Thank You to zszalbot For This Useful Post:thortos (November 20th, 2008)zszalbotView Public ProfileSend a private message to zszalbotFind all posts by zszalbot #7 Old November 18th, 2008, 07:30soko1's Avatar soko1 soko1 is offlineJunior Member

Join Date: Nov 2008Location: Belarus/MinskPosts: 14Thanks: 0Thanked 14 Times in 3 PostsDefaultPoor /sbin/dump that does not support uzip (geom_uzip.ko) = (Reply With Quotesoko1View Public ProfileSend a private message to soko1Visit soko1's homepage!Find all posts by soko1 #8 Old November 18th, 2008, 09:21killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Reply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #9 Old November 18th, 2008, 18:28Mel_Flynn Mel_Flynn is offlineMember

Join Date: Nov 2008Location: Yverdon, SwitzerlandPosts: 374Thanks: 7Thanked 59 Times in 51 PostsDefaultThe attached script, runs a weekly full backup, and incrementals 1-6 for the other days. It can compress locally (the machine being backed up has faster CPU then the backup machine) or remotely.

All this, from the daily periodic. Primarily useful for desktops that are on during the night or where the owner has chosen a different time for daily to run.

The full back up can take a very long time, naturally depending on ammount of data, CPU speed for compression and network transfer speed.Attached FilesFile Type: txt 201.backup-disks.sh.txt (3.8 KB, 58 views)Reply With QuoteThe Following User Says Thank You to Mel_Flynn For This Useful Post:michaelb (December 21st, 2008)Mel_FlynnView Public ProfileSend a private message to Mel_FlynnFind all posts by Mel_Flynn #10 Old November 18th, 2008, 20:29killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Reply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #11 Old November 19th, 2008, 11:43fxp fxp is offlineJunior Member

Reply With QuotefxpView Public ProfileSend a private message to fxpFind all posts by fxp #12 Old November 19th, 2008, 12:25abarmot's Avatar abarmot abarmot is offlineJunior Member

Join Date: Nov 2008Posts: 19Thanks: 1Thanked 0 Times in 0 PostsDefaultfxp, do not need to stop mysql.mysqldump lockes tables while dumping...Reply With QuoteabarmotView Public ProfileSend a private message to abarmotFind all posts by abarmot #13 Old November 19th, 2008, 18:15Mel_Flynn Mel_Flynn is offlineMember

if i understand you right, there's what i say about it:you can compress stdin to file (simplified)Code:

dump -0Lauf - /dev/da0s1a | bzip2 > /path/to/backup.img.bz2

Yes, but this doesn't really work well with all shells. At least I had problems with it a few years back when i wrote it. Things may have improved since then, but I kept it to see the difference in transfer speed that dump and dd report:Code:

Reply With QuoteMel_FlynnView Public ProfileSend a private message to Mel_FlynnFind all posts by Mel_Flynn #14 Old November 19th, 2008, 20:19killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Join Date: Nov 2008Location: Riga, LatviaPosts: 751Thanks: 87Thanked 88 Times in 56 PostsDefaultwell, you used#!/bin/shin your script, which means it MUST work everywhere the same, unless someone have replaced sh with something else.

and it doesn't matter under which shell you launch script, because it'll be run in SHReply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #15 Old November 20th, 2008, 00:55gelraen gelraen is offlineJunior Member

and it doesn't matter under which shell you launch script, because it'll be run in SHOnly if launch it as binary. When you run it like "source ./myscript" it will be parsed by current shellReply With QuotegelraenView Public ProfileSend a private message to gelraenFind all posts by gelraen #16 Old November 20th, 2008, 06:13killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Join Date: Nov 2008Location: Riga, LatviaPosts: 751Thanks: 87Thanked 88 Times in 56 PostsDefaultQuote:Originally Posted by gelraen View PostOnly if launch it as binary. When you run it like "source ./myscript" it will be parsed by current shellnow, why would you like to do that?Reply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #17 Old November 21st, 2008, 03:01fender0107401's Avatar fender0107401 fender0107401 is offlineJunior Member

Join Date: Nov 2008Location: China, Tian JinPosts: 97Thanks: 14Thanked 2 Times in 2 PostsDefaultThank you for the post, I just need a system backup solution.

I think backup is an important part of the system administration, though you may never need the backup data.__________________Just be yourself!Reply With Quotefender0107401View Public ProfileSend a private message to fender0107401Find all posts by fender0107401 #18 Old November 21st, 2008, 05:01killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Join Date: Nov 2008Location: Riga, LatviaPosts: 751Thanks: 87Thanked 88 Times in 56 PostsDefaultQuote:Originally Posted by fender0107401 View PostThank you for the post, I just need a system backup solution.

I think backup is an important part of the system administration, though you may never need the backup data.as a FreeBSD desktop user, i experiment a lot. And backups saves my tons of time.Reply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #19 Old November 21st, 2008, 08:31fender0107401's Avatar fender0107401 fender0107401 is offlineJunior Member

Maybe the reason is the time that I use it is very short (since june) and I prefer the security_release branch.__________________Just be yourself!Reply With Quotefender0107401View Public ProfileSend a private message to fender0107401Find all posts by fender0107401 #20 Old November 21st, 2008, 12:14blackjack blackjack is offlineJunior Member

Join Date: Nov 2008Location: Mother UkrainePosts: 19Thanks: 0Thanked 1 Time in 1 PostDefaultThis my script for dumpfilesystems. It run every day at 4:00 AM.Code:

and it doesn't matter under which shell you launch script, because it'll be run in SHNo. The shell redirect is on the target machine and passed on from ssh's command line parsing. All I remember is that it wouldn't work to a BSDi 4.1 host, nor an AIX host, but I can't for the life of me remember the error message.

echo foo|ssh host "cat - >/tmp/out"

works now, didn't work then.Come to think of it, it's possible it was caused by a shell wrapper.Reply With QuoteMel_FlynnView Public ProfileSend a private message to Mel_FlynnFind all posts by Mel_Flynn #22 Old December 12th, 2008, 09:39killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

P.S. can admin/moderator integrate this in original post (#1)__________________If FVWM can't do it, no Window Manager can..If you have solved your problem, plz add [SOLVED] tag to your threadReply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #23 Old December 14th, 2008, 22:38nakal's Avatar nakal nakal is offlineJunior Member

Join Date: Nov 2008Location: GermanyPosts: 19Thanks: 8Thanked 2 Times in 2 PostsDefaultI would not backup MBRs like you suggested, except you expect to restore things on the same drive again. MBR stores the drive geometry and partitioning information.

When you restore to a fresh drive, after a drive failure for example, it is a better idea to use fdisk, bsdlabel and eventually boot0cfg, in case you want a boot manager.

It is also possible to use gpart now. These is my preferred way to partition drives at the moment. For more information, how to use GPT partitions on i386 and amd64 and boot from them, read the article on my website: http://m8d.de/news/freebsd-on-gpt.php. It's a bit tricky, but you rather have to understand what I do there, not repeat the steps line by line.Reply With QuoteThe Following User Says Thank You to nakal For This Useful Post:killasmurf86 (December 15th, 2008)nakalView Public ProfileSend a private message to nakalFind all posts by nakal #24 Old December 15th, 2008, 04:40killasmurf86's Avatar killasmurf86 killasmurf86 is online nowMember

Join Date: Nov 2008Location: Riga, LatviaPosts: 751Thanks: 87Thanked 88 Times in 56 PostsDefaultQuote:Originally Posted by nakal View PostI would not backup MBRs like you suggested, except you expect to restore things on the same drive again. MBR stores the drive geometry and partitioning information.

When you restore to a fresh drive, after a drive failure for example, it is a better idea to use fdisk, bsdlabel and eventually boot0cfg, in case you want a boot manager.

It is also possible to use gpart now. These is my preferred way to partition drives at the moment. For more information, how to use GPT partitions on i386 and amd64 and boot from them, read the article on my website: http://m8d.de/news/freebsd-on-gpt.php. It's a bit tricky, but you rather have to understand what I do there, not repeat the steps line by line.ye, thank you for reminding me.... (i really forgot about this)btw, i don't backup my MBR, if anything i use sysinstall to rebuild partitions on drive and then press "w" in fdisk editor.It will write partition table to disk and ask for loader, pick MBR or FreeBSD loader, and exit sysinstall.Then i just use bsdlabel to rebuild labels and that is it.After that newfs and restore__________________If FVWM can't do it, no Window Manager can..If you have solved your problem, plz add [SOLVED] tag to your threadReply With Quotekillasmurf86View Public ProfileSend a private message to killasmurf86Visit killasmurf86's homepage!Find all posts by killasmurf86 #25 Old December 20th, 2008, 01:18sim's Avatar sim sim is offlineJunior Member

Join Date: Nov 2008Posts: 18Thanks: 1Thanked 0 Times in 0 PostsDefaultQuote:Originally Posted by thortos View PostHow do you people handle the backups of your servers? I'm running a set of customized backup scripts per server that tar important directories and scp them to the backup server, starting and stopping daemons as needed, but obviously that's not for anyone with uptime requirements. I also have many servers running in VMware and use that to snapshot the VMs regularly and scp them to the backup server.I backup my servers using rsnapshot from my archive server:

On each client server, a nightly cron makes a snapshot of each filesystem and mounts them on /snapped_fs (/snapped_fs/, /snapped_fs/usr/, /snapped_fs/var/ etc). So I always have yesterday's complete filetree, mounted and frozen in time. When my archive server connects for the nightly rsnapshot, it syncs the frozen tree, not the live tree. Filesystem snapshots are supposed to be consistent.

Just to be sure, another nightly cron also runs pg_dumpall. PostgreSQL dumps are point-in-time, consistent dumps which don't require the server to stop or lock any tables. I keep the last 15 dumps, and these are of course part of the filesystem snapshot so they get copied with rsnapshot.

So what is a network interface? In plain old english, it is a logical reference to underlying network hardware. They comprise the lowest layer of the networking subsystem, interacting with the actual transport hardware.

Network Interface Concepts

It is important to understand network interfaces as they are the key to talking to your network hardware (like Ethernet, token-ring,ATM,etc). Different network interfaces may support one or more different protocol families, such as TCP/IP, IPX, etc.Ifconfig The main utility for inspecting and configuring a network interface is ifconfig. First lets look at viewing all interfaces:

Ah, it appears I have several interfaces: xl0,lp0,ppp0,sl0,faith0,and lo0. What do they all mean? First lets talk about the loopback interface, lo0. This is a special interface for communicating with itself. It always has the IP address 127.0.0.1. All of the other interfaces (except xl0) will be ignored for now but I will give a brief description:

Now, xl0. I chose to look at xl0 because it is the logical reference to my ethernet network card I have installed in my machine. This is not to say that every network card in FreeBSD will be referenced by xl0. Unlike Linux, each corresponding Ethernet chipset driver is referenced differently in FreeBSD. A full list is located in the kernel LINT file. I happen to be using a 3com network card, for which the xl driver has been written. therefore, my network card is referenced by xl0, meaning the first 3com network card in the machine. If I added another 3com network card to my box, it would show up as xl1, add another and get xl2, etc, etc. I can get more information from the kernel dmesg.boot file like so:

This tells us some interesting things. The first line show the interface flags . The flags basically say that this interfaces is UP. It is a BROADCAST type interface. It's running in SIMPLEX mode and MULTICAST is enabled. The mtu, or Maximum Transmission Unit, is set to 1500 bytes (standard for ethernet). The next line says inet 205.238.129.221 ... This is the IP address configuration line. inet (meaning IPv4 family) followed by the IP address, netmask and broadcast address configured on this ethernet interface. The next line inet6 deals with IPv6 (which I'm not covering). The next line ether 00:50:da:77:cc:77 tells you the ethernet MAC address. The next line media: ... refers to the media type and option of the network card. It appears my card is running at 100baseTX . This was picked up by the autoselect. You can, however, manually set your media type and different options associated with media (like duplex). To see what all media types are supported by your network card:

Thursday, May 14, 2009

0x80070002-A problem is preventing Windows from accurately checking the license for this computer A problem is preventing Windows from accurately checking the license for this computer.Error Code: 0x80070002

When Windows XP boots up, after the Welcome Screen a message comes that shows the above message, and it does not allow you to login.Solution!

Boot into Safemode

Press F8 While booting just after the BIOS screen or during the OS Selection menu.

If any of these files are missing, restore these files, from the setup disk, I386 folder or from another system.

To restore from a setup disk, put the CD in, and browse to the I386 folder copy the file with extension XXXXX.XX_ where XXXX.XX is the file name with first 2 letters of the extension. Rename it to a .cab file and extract the file to system32.

Reboot the system and now try again.

Your problem must be solved.

If still your problem persists try the following from Microsoft knowledge base.

Reset the default security provider in Windows XPTo reset the default security provider in Windows XP, delete the relevant registry keys in the Windows registry. To do this, follow these steps:1. Start the computer. Press the F8 key during startup to start the computer in Safe mode.2. Start Registry Editor (Regedt32.exe).3. Delete the following registry keys in the Windows registry:HKEY_USERS\.DEFAULT\Software\Microsoft\Cryptography\ProvidersHKEY_USERS\S-1-5-20\Software\Microsoft\Cryptography\Providers4. Quit Registry Editor.5. Restart the computer.

Reset the drive letter of the system driveUse Registry Editor to change the drive letter of the system drive back to its original value. Edit the following registry key to change the value of the system drive:HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

Best of luck...:)===========================================

Fixing the Windows 0x80070002 update error by utilizing various methods. While updating windows, it is possible to receive the 0x80070002 Error. As a result the update process will not be completed, and your computer will not be able to transmit files. The reason for your computer receiving the 0x80070002 Error is due to it not having all of the files that should have been transmitted when updating your software. This is an initialization error that occurs after files have been downloaded, and extracted to the computer.

To fix the error manually, it will be necessary to remove all of the files partially downloaded, and try again to update your Windows files. Alternatively you could use Registry Booster from Uniblue, which scans for all system errors and fixes them for you without having to do things manually.

1. On the Windows desktop, press Start, and when the menu opens up,

2. Press Run, and input the following command “services.msc”

3. In the Run box, type "services.msc", and press "Enter".

4. This will open the "Local Services" window.

5. In the Local Services window find the name “Automatic Updates” and right click.

6. On right click, scroll down and press “Stop”. This will cause the Automatic Updates to pause to correct the situation. Do not close the Local Services window.

At this point you can go to the "Software Distribution" folder and delete its contents, or give the folder another name. It is advised that you just rename the folder,

7. To do this go to the Windows desktop and press “Start” then press “Run” when the menu opens.

8. Input the “cmd” command into Run, and the computer will take you to the DOS prompt.

9. At the DOS prompt type in this command “cd %windir%” (without the quotes), and press Enter.

10. You should now be in the Windows directory.

11. At the Windows directory, input “ren SoftwareDistribution SoftDisTemp” and hit "Enter". This will rename the Software Distribution folder to the new name of SoftDisTemp.

12. Type "Exit" and hit "Enter" to close the DOS window.

13. Now go to the "Local Services" window and right click "Automatic Updates" to restart it.

Tuesday, May 5, 2009

rssh is a Restricted Secure SHell that allow only the use of sftp
or scp. It could be use when you need an account (and a valid
shell) in order to execute sftp or scp but when you don't want to
give the possibility to log in to this user.

Error opening message store (MSEMS). Verify that the Microsoft Exchange Information Store service is running and that you have the correct permissions to log on. (0x8004011d)

*** are you running Exmerge as the administrator?

http://support.microsoft.com/kb/273642/ExMerge Does Not Work Unless You Have Receive As and Send As Permissions on the Store

By default the admin accounts are specifically denied the SendAs & ReceiveAs rights, so you need to remove those deny permissions, or create a non-admin account for doing Exmerge.

To resolve this issue, grant the account that you are using to run ExMerge Receive As and Send As permissions on the Mailbox store:

1. Start Exchange System Manager, and under Administrative Groups, locate the Mailbox store. 2. Right-click the Mailbox store, click Properties, and then click the Security tab. 3. On the Security tab, in the top pane click the account that you are logged on as, and in the bottom pane, click to select the Receive As and Send As check boxes to grant these permissions to that account. 4. Click OK. This account now has full permissions to log on to the mailbox store, and to export or import messages for every mailbox. 5. Grant Send As and Receive As permissions to this administrator account on all the mailbox stores against which you need to run ExMerge.

Note When you are ready to process the data from the new stores, stop the SMTP service. By stopping the SMTP service, no new e-mail messages are delivered to the new stores while you are running ExMerge.

Monday, May 4, 2009

Restrict individual user to home directory onlyAsked by cscorbet in Unix Network SecurityTags: restrict, home, directory, userHi, I have a FreeBSD box, with a small number of users, I would like to restrict individual user to their home directory only. Can anyone help?

prasadklk:Set the restricted shell for that user.See this doc:http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-553.html

01/27/03 11:45 AM, ID: 7824677

cscorbet:I would like users to change directory within the users home directory.

Restricted Shell doesnt allow this ?

"28.10.1 Restricted ShellRestricted shells allow you to control the user's environment. The restricted shell, rsh, allows the user to do everything allowed by sh, except:

change directory".

01/27/03 12:14 PM, ID: 7824894

prasadklk:Yes,That is right.. restricted shell does not allow user to change the directory,...If it is any other shell, user can see all the files and directories wherever he has read and execute permission.I don't think there is a way to restrict a user to home directory and allow him to see all the sub directories without changing the permissions of other directories which is not so practical.

01/28/03 02:12 AM, ID: 7828617

liddler:I don't know if it can be applied to login, but chroot is used with ftp to restict users to a directory tree.

01/28/03 04:01 AM, ID: 7829046

ahoffmann:write a small wrapper, like

#!/bin/sh/usr/bin/chroot ~ /bin/sh && exit 0

use this wrapper as shell in your passwd(needs to be more tricky if you'd like to allow sevaral shells)

01/28/03 07:46 AM, ID: 7830467

chris_calabrese:Agreed. restricted shell is not restrictive enough. Use chroot. Or better yet, use User Mode Linux (no, it's not available for FreeBSD) where you can give each user their own virtual machine.

01/31/03 07:38 AM, ID: 7853829

cscorbet:"#!/bin/sh/usr/bin/chroot ~ /bin/sh && exit 0"

this did not work. Operation not permitted.

01/31/03 11:13 AM, ID: 7855328

chris_calabrese:The program needs to be SUID root for chroot to work.Something more like:

liddler:logname is a command that returns the name of the user that logged. It is surrounded by single back quotes (``) which tell the script to execute that command and return the result to the script

02/22/03 02:43 PM, ID: 8000319

jimbb:Many platforms won't honor the SUID bit on an interpreted (#!) script. I don't think FreeBSD will, so those solutions may not work.

Anyway you may be able to fulfill this with a restricted shell, as others have pointed out.

Make sure you control the $PATH variable for that shell, though, otherwise they can just execute another shell and escape the restricted directory. Other caveats may apply as well.

05/03/03 11:58 PM, ID: 8453648

Droby10:as suggested, a chroot shell wrapper is a nice solution. there are some caveats to doing so. you will want to copy /bin, /dev/, and /lib, and /usr/lib into the user's home directory ...but only those executables, devices, and libraries that you wish to grant access to...

you will run into some issues. for instance, without creating another swap partition proc under the users home, ps won't work. df, which relies on /dev entries will also fail. who (relies on /var/utmp). so you will need to collect a dependency list for each allowed command and copy those dependencies into the users home in a way that a chroot will result in the same path as before. ie. /usr/home/droby10/usr/bin/perl

also be careful about which devices you copy in, copied terminal devices with unchanged permissions (as normally occurs through getty) will allow read/write access...don't even copy mem or kmem (forget which is present in bsd).

as opposed to using a shell wrapper, you might try to modify login to perform the chroot before initializing the user shell. (again, the shell would have to be copied into the user's home to be effectively called after the chroot occurs).

05/04/03 12:00 AM, ID: 8453650

Droby10:forgot to mention that the results of copying some of those dependencies won't be accurate...ie who from a stale utmp database would only reflect the entries present when it was copied.

05/20/03 07:25 AM, ID: 8550878

mlafortune:I don't know which version of FreeBSD you have, but later versions offer a nice feature called jail. You create a virtual environment (you can call it a virtual machine) and it allow you to chroot you user. The first jail might be a little long to setup as you have to "make world" but once it's done, you can just copy that "environment" to the next user. One warning, you will need a lot of disk space.

on FreeBSD 4.6R> man jail

NAME jail - imprison process and its descendants

SYNOPSIS jail path hostname ip-number command ...

DESCRIPTION The jail command imprisons a process and all future descendants.